<?php

namespace App\Http\Middleware;

use Closure;

class AccessControlAllowOrigin
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        header('P3P:CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA div COM NAV OTC NOI DSP COR"');
        header("Access-Control-Allow-Credentials:true");
        $white_list = [
            "http://http://demo.demo.com",
            "http://192.168.31.183:8060",
        ];

        $white = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
        if (in_array($white, $white_list)) {
            header("Access-Control-Allow-Origin:" . $white);
        }

        header("Access-Control-Allow-Headers:Origin,Content-Type,Cookie,Accept,X-CSRF-TOKEN,X-XSRF-TOKEN");
        header("Access-Control-Allow-Methods:GET,POST,PATCH,PUT,OPTIONS");

        return $next($request);
    }
}